fastmoss-livestreams

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill communicates only with a local bridge daemon (127.0.0.1:10086) and the target platform (fastmoss.com). No network requests to unknown or suspicious domains were detected.
  • [SAFE]: JavaScript execution is performed through a controlled 'evaluate' action via a local bridge for DOM interaction. The scripts use secure practices like JSON encoding for variables injected into the browser context to prevent execution errors or injection.
  • [PROMPT_INJECTION]: The skill ingests data from an external website, which constitutes a surface for indirect prompt injection. This risk is inherent to the scraping functionality and is mitigated by parsing the content into a structured CSV format.
  • Ingestion points: Scrapes data from the browser DOM in scripts/live_scraper.py and scripts/live_filtered.py.
  • Boundary markers: The data is stored in delimited CSV fields.
  • Capability inventory: File system writing (CSV/Markdown), local bridge command execution, and browser navigation.
  • Sanitization: The skill performs basic header sanitization and limits the length of entity names to prevent unexpected formatting issues.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:23 AM
Security Audit — agent-trust-hub — fastmoss-livestreams